| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADm8Te=peTkMfSFqfHdj6AW-O88Jz3mtqQDn6rYwAn59zE5ZWQ@mail.gmail.com>
Date: Thu, 8 Jan 2026 21:41:02 +0800
From: Tuo Li <islituo@...il.com>
To: Toke Høiland-Jørgensen <toke@...e.dk>
Cc: linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] wifi: ath9k: add a defensive NULL check to prevent
null-pointer dereference in ath9k_beacon_remove_slot()
On Wed, Jan 7, 2026 at 6:03 PM Toke Høiland-Jørgensen <toke@...e.dk> wrote:
>
> Tuo Li <islituo@...il.com> writes:
>
> > In this function, bf is guarded by an if statement, indicating that it may
> > be NULL:
> >
> > if (bf && bf->bf_mpdu) {...}
> >
> > If bf is NULL, calling list_add_tail() may result in a null-pointer
> > dereference:
> >
> > list_add_tail(&bf->list, &sc->beacon.bbuf);
> >
> > Therefore, add a defensive NULL check before invoking list_add_tail() to
> > prevent this issue.
> >
> > Signed-off-by: Tuo Li <islituo@...il.com>
>
> Are you fixing an actual bug here? Otherwise, this is not worth the
> churn...
>
> -Toke
Thanks for pointing this out.
This issue was reported by a static analysis tool. After reviewing the
code, I noticed that bf is guarded by an if statement, which indicates
that it may be NULL, so I added a defensive check before the other
dereference.
However, I have not been able to identify a concrete execution path in
which bf would actually be NULL at that point. I'm fine with dropping
this change if it is considered unnecessary.
Best regards,
Tuo
Powered by blists - more mailing lists